Написать в техподдержку Позвонить нам
Admin Panel Logout

In this article:

    general information

    MCS provides a RESTful XML API for programmatically manipulating stored data using standard HTTP requests. The API is compatible with the Amazon AWS S3 API, allowing you to interact with the service using familiar tools.

    Note

    SOAP over HTTP support has been deprecated but is still available over HTTPS. However, new Amazon S3 features will not be supported for SOAP. REST API or AWS SDK is recommended.

    S3 compatible

    The MCS S3 API is designed to interact with the Amazon AWS S3 API. In most cases, when using the client library, setting the "endpoint" or "base" URL hb.bizmrg.com and creating the MCS S3 key pair will allow the MCS Object Storage service.

    MCS S3 provides support for create, read, update, and delete operations for both buckets and objects, as well as the ability to define access control lists (ACLs). Some S3 features are not supported, as shown in the table below:

    Function Support Note
    Bucket Create, Read, Update, Delete Yes
    Object Create, Read, Update, Delete Yes
    Multipart Uploads Yes
    Pre-Signed URLs Yes Both v2 and v4 signature types are supported
    Bucket ACLs Yes
    Object ACLs Yes
    Identity and Access Management (IAM) No
    Security Token Service (STS) No
    Multi-factor Authentication No
    Public Access Block No
    Bucket Policies No
    Object Policies No
    Bucket Versioning No
    Bucket Replication No
    Bucket Notifications No
    Bucket Tagging No
    Object Tagging Yes
    Request Payment No
    Bucket Lifecycle Yes Object expiration and removal of incomplete compound downloads are supported. Lifecycle policies based on tagging objects are not supported.
    Bucket Inventory No
    Bucket Access Logging No
    Bucket Metrics No
    Bucket Analytics No
    Bucket Accelerate No
    Bucket Encryption Configuration No
    Bucket Websites No
    Object Torrent No
    Object Lock No

    API requests for S3 functions that are not currently supported by MCS will receive an S3-compliant NotImplemented error response in XML format.

    Python example

    import boto3
    from botocore.client import Config
    # Initialize session to MCS S3.
    session = boto3.session.Session ()
    client = session.client ('s3',
    region_name = 'ru-msk',
    endpoint_url = 'https: //hb.bizmrg.com',
    aws_access_key_id = 'urvt4LXPwoSL9s6ieGTLT5',
    aws_secret_access_key = '5JogfQUsWzzBE9xG1mbBkMkgW7pxY4TGyHgefSC9n2Xx')
    # Create a new bucket.
    client.create_bucket (Bucket = 'my-test-bucket1')
    # View the list of buckets in the project.
    response = client.list_buckets ()
    buckets = [bucket ['Name'] for bucket in response ['Buckets']]
    print ("Bucket List:% s"% buckets) 

    Go example

    package main
    import (
    "context"
        "fmt"
    "log"
    "os"
    "github.com/minio/minio-go"
    "github.com/minio/minio-go/pkg/credentials"
    )
    func main () {
    accessKey: = os.Getenv ("MCS_KEY")
    secKey: = os.Getenv ("MCS_SECRET")
    endpoint: = "hb.bizmrg.com"
    bucketName: = "my-test-bucket1" // Bucket names must be unique for all MCS projects
    ssl: = true
    if accessKey == "" || secKey == "" {
    log.Fatal ("Must provide MCS_KEY and MCS_SECRET environment variables!")
    }
    // Connect to MCS S3.
    client, err: = minio.New (endpoint, & minio.Options {
    Creds: credentials.NewStaticV4 (accessKey, secKey, ""),
    Secure: ssl,
    })
    if err! = nil {
    log.Fatal (err)
    }
    // Create a new bucket.
    err = client.MakeBucket (context.TODO (), bucketName, minio.MakeBucketOptions {Region: "ru-msk"})
    if err! = nil {
    log.Fatal (err)
    }
    // Show a list of all buckets.
    buckets, err: = client.ListBuckets (context.TODO ())
    if err! = nil {
    log.Fatal (err)
    }
    fmt.Println ("List of all buckets for this access key:")
    for _, bucket: = range buckets {
    fmt.Println (bucket.Name)
    }
    } 

    Authentication

    Requests to the MCS S3 APIs must include the HTTP-Authorization header. The AWS v4 signature type is supported, as well as the AWS v2 signature type for compatibility with legacy customers. The examples below use v4 signatures. When using the client library, signatures will be generated automatically.

    You can create the required access key and secret key in the "Accounts" menu of the "Object Storage" service of the graphical interface of the MCS panel.

    When creating an account, an Access Key ID and Secret Key values will be generated that are required for use:

    The v4 signature consists of several parts. The table below describes each part of the example separately:

    Parameter Description
    AWS4-HMAC-SHA256 AWS Version 4 Signature (AWS4) and Signature Algorithm (HMAC-SHA256)
    Credential Contains an access key and request information in the format: $ {ACESS_KEY} / $ {YYYMMDD} / $ {REGION_SLUG} / s3 / aws4_request
    SignedHeaders A lowercase list of request header names used in signature computation, for example: host; x-amz-acl; x-amz-content-sha256; x-amz-date
    Signature A signed hash consisting of the hash of the request body, the secret key, and information about the request (canonical request). To demonstrate how this is calculated, a "pseudo-code" example is provided.

    Authorization header example

    Authorization: AWS4-HMAC-SHA256
    Credential = urvt4LXPwoSL9s6ieGTLT5 / 20200831 / ru-msk / s3 / aws4_request,
    SignedHeaders = host; x-amz-acl; x-amz-content-sha256; x-amz-date,
    Signature = 6cab03bef74a80a0441ab7fd33c829a2cdb46bba07e82da518cdb78ac238fda5 

    Signature example (pseudo code)

    canonicalRequest = `
    $ {HTTPMethod} \ n
    $ {canonicalURI} \ n
    $ {canonicalQueryString} \ n
    $ {canonicalHeaders} \ n
    $ {signedHeaders} \ n
    $ {hashedPayload}
    `
    stringToSign = "AWS4-HMAC-SHA256" + "\ n" +
    date (format = ISO08601) + "\ n" +
    date (format = YYYYMMDD) + "/" + "ru-msk" + "/" + "s3 / aws4_request" + "\ n" +
    Hex (SHA256Hash (canonicalRequest))
    dateKey = HMAC-SHA256 ("AWS4" + $ {SECRET_KEY}, date (format = YYYYMMDD))
    dateRegionKey = HMAC-SHA256 (dateKey, "ru-msk")
    dateRegionServiceKey = HMAC-SHA256 (dateRegionKey, "s3")
    signingKey = HMAC-SHA256 (dateRegionServiceKey, "aws4_request")
    signature = Hex (HMAC-SHA256 (signingKey, stringToSign)) 

    The canonical request included in the signature consists of:

    • The HTTP request method to use.
    • Path component of the request URI.
    • Query string parameters included in the request.
    • A list of request headers and their values, separated by a newline, in lowercase and without spaces.
    • A list of header names without values, sorted alphabetically, in lowercase, and separated by semicolons.
    • The SHA256 hash of the request body.

    For example, for the following query:

    GET /? Acl HTTP / 1.1
    Host: my-test-bucket1.hb.bizmrg.com
    x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    x-amz-date: 20200831T221549Z

    This is the canonical query:

    GET
    /
    acl =
    host: my-test-bucket1.hb.bizmrg.com
    x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    x-amz-date: 20200831T221549Z
    host; x-amz-content-sha256; x-amz-date
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    General headers

    Common headers that can be used in most requests:

    Name Description
    Authorization Authorization details for request in AWS Signature Version 4 or AWS Signature Version 2 format
    Content-Length The length of the request body in bytes. Required for PUT requests containing an XML body.
    Content-Type The MIME type of the request body (e.g. text / plain)
    Date Current date and time in Coordinated Universal Time (UTC) format in RFC 2822 format. Example: Mon, 10 Jul 2017 19:05:09 +0000
    Host The target host for the request (for example, my-test-bucket1.hb.bizmrg.com).
    x-amz-content-sha256 The SHA256 hash of the request payload. Required when using AWS Signature Version 4 for authentication.
    x-amz-date The current date and time in Coordinated Universal Time (UTC) using the ISO 8601 format:% Y% m% dT% H% M% SZ (for example 20200831T172753Z). If provided, it takes precedence over the Date heading.

    These general headers can also be found in most of the answers:

    Name Description
    Content-Length Response body length in bytes
    Content-Type The MIME type of the request body (e.g. text / plain)
    Connection Indicator of whether the connection to the server is open or closed
    Date Date and time of response, in Coordinated Universal Time (UTC)
    Etag Object tag containing the MD5 hash of the object
    x-amz-request-id Unique request ID


    Was this article helpful?